package com.net.test.utility;

import net.sf.jmimemagic.Magic;
import net.sf.jmimemagic.MagicMatch;

import org.springframework.stereotype.Service;

@Service("securityGuide")
public class SecurityGuide {
	
	
	
	
	
	/**
	 * XXS 보안
	 * @param data
	 * @return
	 */
    public static String security_XSS(String data){
	      if(data==null){
	         return null;
	      }
	      String resultStr = "";
	      
	      for (int i = 0; i < data.length(); i++) {
	         char temp = data.charAt(i);
	         
	         if(temp == '<'){
	            resultStr += "&lt;";
	         }else if(temp == '>'){
	            resultStr += "&gt;";
	         }else if(temp == '\\'){
	            resultStr += "&quot";
	         }else if(temp == '\''){
	            resultStr += "&#39";
	         }else if(temp == '/'){
	            resultStr += "&frasl;";
	         }else if(temp == '('){
	            resultStr += "&#40;";
	         }else if(temp == ')'){
	            resultStr += "&#41;";
	         }else{
	            resultStr += temp;
	         }
	      }
	      
	      return resultStr;
	   }
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	// 제 1절 스크립트 삽입(XSS)
	// 제 2절 스크립트 요청 참조(CSRF)
	public String securityXSS(String data){
		if(data==null){
			return null;
		}
		
		// 필터목록. 사용불가능한 문자.
		String[] strFilter={"\\|", "&",";","\\$", "$","%","@","'","\"","\'","\\\"","\\<","\\>","\\+","CR","LF",",","\\\\","\\(","\\)"};
		for(String str : strFilter){
			data = data.replaceAll(str, "");
		}
		return data;
	}
	
	
	// 제 1절 스크립트 삽입(XSS)
	// 제 2절 스크립트 요청 참조(CSRF)
	public String securityXSS2(String data){
		// 필터목록. 사용불가능한 문자.
		String[] strFilter={"\\|", "&", ";" , "\\$", "$" ,"%" ,"@" ,"\'","\\\"","\\<","\\>","\\+","CR","LF","\\\\","\\(","\\)"};
		for(String str : strFilter){
			data = data.replaceAll(str, "");
		}
		return data;
	}
	
	
	public boolean securityXSS3(String data){
		if(data==null){
			return false;
		}
		String[] strFilter={"\\|", "&",";","\\$","%","@","'","\"","\'","\\\"","\\<","\\>","\\+","CR","LF",",","\\\\","\\(","\\)"};
		for(String str : strFilter){
			String s = data.replaceAll(str, "");
			if(!s.equals(data)){return true; }
		}
		return false;
	}

	   public static String securityMimeType(byte[] bytes){
		      Magic magic = new Magic();
		      String mimeType="";
		      try {
		         MagicMatch mm = magic.getMagicMatch(bytes);
		         mimeType=mm.getMimeType();
		      } catch (Exception e) {
		         //e.printStackTrace();
		      }
		      return mimeType;
		   }

}
